64bit arith cscriptnum no new opcodes

Author: Christewart

src/script/interpreter.cpp

@@ -254,6 +254,20 @@ int FindAndDelete(CScript& script, const CScript& b)
     return nFound;
 }
 
+CScriptNum GetCScriptNum(const valtype& num, const bool fRequireMinimal, const SigVersion& sigversion)
+{
+    switch (sigversion)
+    {
+        case SigVersion::BASE:
+        case SigVersion::WITNESS_V0:
+        case SigVersion::TAPROOT:
+        case SigVersion::TAPSCRIPT:
+            return CScriptNum(num,fRequireMinimal,/*nMaximumSize=*/4);
+        case SigVersion::TAPSCRIPT_64BIT:
+            return CScriptNum(num,fRequireMinimal,/*nMaximumSize=*/8);
+    }
+}
+
 namespace {
 /** A data type to abstract out the condition stack during script execution.
  *
@@ -396,6 +410,7 @@ static bool EvalChecksig(const valtype& sig, const valtype& pubkey, CScript::con
     case SigVersion::WITNESS_V0:
         return EvalChecksigPreTapscript(sig, pubkey, pbegincodehash, pend, flags, checker, sigversion, serror, success);
     case SigVersion::TAPSCRIPT:
+    case SigVersion::TAPSCRIPT_64BIT:
         return EvalChecksigTapscript(sig, pubkey, execdata, flags, checker, sigversion, serror, success);
     case SigVersion::TAPROOT:
         // Key path spending in Taproot has no script, so this is unreachable.
@@ -404,6 +419,39 @@ static bool EvalChecksig(const valtype& sig, const valtype& pubkey, CScript::con
     assert(false);
 }
 
+static bool IsOpCodeDisabled(const opcodetype& opcode, const SigVersion& sigVersion, ScriptError* serror)
+{
+    switch(sigVersion)
+    {
+        case SigVersion::BASE:
+        case SigVersion::WITNESS_V0:
+        case SigVersion::TAPROOT:
+        case SigVersion::TAPSCRIPT:
+        case SigVersion::TAPSCRIPT_64BIT:
+        {
+            if (opcode == OP_CAT ||
+                opcode == OP_SUBSTR ||
+                opcode == OP_LEFT ||
+                opcode == OP_RIGHT ||
+                opcode == OP_INVERT ||
+                opcode == OP_AND ||
+                opcode == OP_OR ||
+                opcode == OP_XOR ||
+                opcode == OP_2MUL ||
+                opcode == OP_2DIV ||
+                opcode == OP_MUL ||
+                opcode == OP_DIV ||
+                opcode == OP_MOD ||
+                opcode == OP_LSHIFT ||
+                opcode == OP_RSHIFT)
+                return !set_error(serror, SCRIPT_ERR_DISABLED_OPCODE); // Disabled opcodes (CVE-2010-5137).
+            break;
+        }
+    }
+    //should we default to disabled is false?
+    return false;
+}
+
 bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker, SigVersion sigversion, ScriptExecutionData& execdata, ScriptError* serror)
 {
     static const CScriptNum bnZero(0);
@@ -415,7 +463,7 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
     static const valtype vchTrue(1, 1);
 
     // sigversion cannot be TAPROOT here, as it admits no script execution.
-    assert(sigversion == SigVersion::BASE || sigversion == SigVersion::WITNESS_V0 || sigversion == SigVersion::TAPSCRIPT);
+    assert(sigversion == SigVersion::BASE || sigversion == SigVersion::WITNESS_V0 || sigversion == SigVersion::TAPSCRIPT || sigversion == SigVersion::TAPSCRIPT_64BIT);
 
     CScript::const_iterator pc = script.begin();
     CScript::const_iterator pend = script.end();
@@ -454,22 +502,8 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                 }
             }
 
-            if (opcode == OP_CAT ||
-                opcode == OP_SUBSTR ||
-                opcode == OP_LEFT ||
-                opcode == OP_RIGHT ||
-                opcode == OP_INVERT ||
-                opcode == OP_AND ||
-                opcode == OP_OR ||
-                opcode == OP_XOR ||
-                opcode == OP_2MUL ||
-                opcode == OP_2DIV ||
-                opcode == OP_MUL ||
-                opcode == OP_DIV ||
-                opcode == OP_MOD ||
-                opcode == OP_LSHIFT ||
-                opcode == OP_RSHIFT)
-                return set_error(serror, SCRIPT_ERR_DISABLED_OPCODE); // Disabled opcodes (CVE-2010-5137).
+            if (IsOpCodeDisabled(opcode,sigversion,serror))
+                return false;
 
             // With SCRIPT_VERIFY_CONST_SCRIPTCODE, OP_CODESEPARATOR in non-segwit script is rejected even in an unexecuted branch
             if (opcode == OP_CODESEPARATOR && sigversion == SigVersion::BASE && (flags & SCRIPT_VERIFY_CONST_SCRIPTCODE))
@@ -926,7 +960,8 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                     // (in -- out)
                     if (stack.size() < 1)
                         return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
-                    CScriptNum bn(stacktop(-1), fRequireMinimal);
+
+                    CScriptNum bn = GetCScriptNum(stacktop(-1), fRequireMinimal, sigversion);
                     switch (opcode)
                     {
                     case OP_1ADD:       bn += bnOne; break;
@@ -959,19 +994,17 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                     // (x1 x2 -- out)
                     if (stack.size() < 2)
                         return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
-                    CScriptNum bn1(stacktop(-2), fRequireMinimal);
-                    CScriptNum bn2(stacktop(-1), fRequireMinimal);
+                    CScriptNum bn1 = GetCScriptNum(stacktop(-2), fRequireMinimal, sigversion);
+                    CScriptNum bn2 = GetCScriptNum(stacktop(-1), fRequireMinimal, sigversion);
                     CScriptNum bn(0);
                     switch (opcode)
                     {
                     case OP_ADD:
                         bn = bn1 + bn2;
                         break;
-
                     case OP_SUB:
                         bn = bn1 - bn2;
                         break;
-
                     case OP_BOOLAND:             bn = (bn1 != bnZero && bn2 != bnZero); break;
                     case OP_BOOLOR:              bn = (bn1 != bnZero || bn2 != bnZero); break;
                     case OP_NUMEQUAL:            bn = (bn1 == bn2); break;
@@ -988,7 +1021,6 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                     popstack(stack);
                     popstack(stack);
                     stack.push_back(bn.getvch());
-
                     if (opcode == OP_NUMEQUALVERIFY)
                     {
                         if (CastToBool(stacktop(-1)))
@@ -1939,6 +1971,13 @@ static bool VerifyWitnessProgram(const CScriptWitness& witness, int witversion,
                 execdata.m_validation_weight_left_init = true;
                 return ExecuteWitnessScript(stack, exec_script, flags, SigVersion::TAPSCRIPT, checker, execdata, serror);
             }
+            if ((control[0] & TAPROOT_LEAF_MASK) == TAPROOT_LEAF_TAPSCRIPT_64BIT) {
+                // Tapscript (leaf version 0x66)
+                exec_script = CScript(script.begin(), script.end());
+                execdata.m_validation_weight_left = ::GetSerializeSize(witness.stack) + VALIDATION_WEIGHT_OFFSET;
+                execdata.m_validation_weight_left_init = true;
+                return ExecuteWitnessScript(stack, exec_script, flags, SigVersion::TAPSCRIPT_64BIT, checker, execdata, serror);
+            }
             if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION) {
                 return set_error(serror, SCRIPT_ERR_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION);
             }

src/script/interpreter.h

@@ -222,6 +222,7 @@ static constexpr size_t WITNESS_V1_TAPROOT_SIZE = 32;
 
 static constexpr uint8_t TAPROOT_LEAF_MASK = 0xfe;
 static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT = 0xc0;
+static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT_64BIT = 0x66;
 static constexpr size_t TAPROOT_CONTROL_BASE_SIZE = 33;
 static constexpr size_t TAPROOT_CONTROL_NODE_SIZE = 32;
 static constexpr size_t TAPROOT_CONTROL_MAX_NODE_COUNT = 128;
@@ -232,7 +233,7 @@ extern const HashWriter HASHER_TAPLEAF;    //!< Hasher with tag "TapLeaf" pre-fe
 extern const HashWriter HASHER_TAPBRANCH;  //!< Hasher with tag "TapBranch" pre-fed to it.
 
 template <class T>
-uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn, int32_t nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache = nullptr);
+uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn, int nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache = nullptr);
 
 class BaseSignatureChecker
 {

src/script/script.cpp

@@ -361,6 +361,7 @@ bool IsOpSuccess(const opcodetype& opcode, SigVersion sigversion)
     switch (sigversion)
     {
     case SigVersion::TAPSCRIPT:
+    case SigVersion::TAPSCRIPT_64BIT:
         return opcode == 80 || opcode == 98 || (opcode >= 126 && opcode <= 129) ||
            (opcode >= 131 && opcode <= 134) || (opcode >= 137 && opcode <= 138) ||
            (opcode >= 141 && opcode <= 142) || (opcode >= 149 && opcode <= 153) ||

src/script/script.h

@@ -13,17 +13,6 @@
 #include <uint256.h>
 #include <util/hash_type.h>
 
-#include <cassert>
-#include <cstdint>
-#include <cstring>
-#include <limits>
-#include <span>
-#include <stdexcept>
-#include <string>
-#include <type_traits>
-#include <utility>
-#include <vector>
-
 enum class SigVersion;
 
 // Maximum number of bytes pushable to the stack
@@ -237,7 +226,7 @@ class CScriptNum
  */
 public:
 
-    explicit CScriptNum(const int64_t& n)
+    explicit CScriptNum(const __int128_t& n)
     {
         m_value = n;
     }
@@ -298,9 +287,15 @@ class CScriptNum
 
     inline CScriptNum& operator&=( const CScriptNum& rhs)       { return operator&=(rhs.m_value);  }
 
+    inline CScriptNum operator*(const __int128_t& rhs) const { return CScriptNum(m_value * rhs);}
+    inline CScriptNum operator*(const CScriptNum& rhs) const { return operator*(rhs.m_value);}
+
+    inline CScriptNum operator/(const __int128_t& rhs) const { return CScriptNum(m_value / rhs);}
+    inline CScriptNum operator/(const CScriptNum& rhs) const { return operator/(rhs.m_value);}
+
     inline CScriptNum operator-()                         const
     {
-        assert(m_value != std::numeric_limits<int64_t>::min());
+        assert(m_value != std::numeric_limits<__int128_t>::min());
         return CScriptNum(-m_value);
     }
 
@@ -312,16 +307,16 @@ class CScriptNum
 
     inline CScriptNum& operator+=( const int64_t& rhs)
     {
-        assert(rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) ||
-                           (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs));
+        assert(rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<__int128_t>::max() - rhs) ||
+                           (rhs < 0 && m_value >= std::numeric_limits<__int128_t>::min() - rhs));
         m_value += rhs;
         return *this;
     }
 
     inline CScriptNum& operator-=( const int64_t& rhs)
     {
-        assert(rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) ||
-                           (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs));
+        assert(rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<__int128_t>::min() + rhs) ||
+                           (rhs < 0 && m_value <= std::numeric_limits<__int128_t>::max() + rhs));
         m_value -= rhs;
         return *this;
     }
@@ -342,20 +337,21 @@ class CScriptNum
     }
 
     int64_t GetInt64() const { return m_value; }
-
+    __int128_t GetInt128() const {return m_value; }
     std::vector<unsigned char> getvch() const
     {
         return serialize(m_value);
     }
 
-    static std::vector<unsigned char> serialize(const int64_t& value)
+    static std::vector<unsigned char> serialize(const __int128_t& value)
     {
-        if(value == 0)
+        if(value == 0) {
             return std::vector<unsigned char>();
+        }
 
         std::vector<unsigned char> result;
         const bool neg = value < 0;
-        uint64_t absvalue = neg ? ~static_cast<uint64_t>(value) + 1 : static_cast<uint64_t>(value);
+        __uint128_t absvalue = neg ? ~static_cast<__uint128_t>(value) + 1 : static_cast<__uint128_t>(value);
 
         while(absvalue)
         {
@@ -373,33 +369,35 @@ class CScriptNum
 //    0x80 to it, since it will be subtracted and interpreted as a negative when
 //    converting to an integral.
 
-        if (result.back() & 0x80)
+        if (result.back() & 0x80) {
             result.push_back(neg ? 0x80 : 0);
-        else if (neg)
+        }
+        else if (neg) {
             result.back() |= 0x80;
+        }
 
         return result;
     }
 
 private:
-    static int64_t set_vch(const std::vector<unsigned char>& vch)
+    static __int128_t set_vch(const std::vector<unsigned char>& vch)
     {
       if (vch.empty())
           return 0;
 
-      int64_t result = 0;
+      __int128_t result = 0;
       for (size_t i = 0; i != vch.size(); ++i)
-          result |= static_cast<int64_t>(vch[i]) << 8*i;
+          result |= static_cast<__int128_t>(vch[i]) << 8*i;
 
       // If the input vector's most significant byte is 0x80, remove it from
       // the result's msb and return a negative.
       if (vch.back() & 0x80)
-          return -((int64_t)(result & ~(0x80ULL << (8 * (vch.size() - 1)))));
+          return -((__int128_t)(result & ~(0x80ULL << (8 * (vch.size() - 1)))));
 
       return result;
     }
 
-    int64_t m_value;
+    __int128_t m_value;
 };
 
 /**

src/script/script_error.cpp

@@ -115,6 +115,8 @@ std::string ScriptErrorString(const ScriptError serror)
             return "Using OP_CODESEPARATOR in non-witness script";
         case SCRIPT_ERR_SIG_FINDANDDELETE:
             return "Signature is found in scriptCode";
+        case SCRIPT_ERR_ARITHMETIC64:
+            return "Arithmetic opcode error";
         case SCRIPT_ERR_UNKNOWN_ERROR:
         case SCRIPT_ERR_ERROR_COUNT:
         default: break;

src/script/script_error.h

@@ -82,7 +82,11 @@ typedef enum ScriptError_t
     SCRIPT_ERR_OP_CODESEPARATOR,
     SCRIPT_ERR_SIG_FINDANDDELETE,
 
-    SCRIPT_ERR_ERROR_COUNT
+    SCRIPT_ERR_ERROR_COUNT,
+
+    /* 64bit arithmetic opcode errors */
+    SCRIPT_ERR_ARITHMETIC64
+
 } ScriptError;
 
 #define SCRIPT_ERR_LAST SCRIPT_ERR_ERROR_COUNT

src/script/sigversion.h

@@ -6,5 +6,6 @@ enum class SigVersion
     WITNESS_V0 = 1,  //!< Witness v0 (P2WPKH and P2WSH); see BIP 141
     TAPROOT = 2,     //!< Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341
     TAPSCRIPT = 3,   //!< Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, script path spending, leaf version 0xc0; see BIP 342
+    TAPSCRIPT_64BIT = 4, //!< Witness v1 with 32 byte program script path spending with 64bit arithmetic
 };
 #endif // BITCOIN_SCRIPT_SIGVERSION_H

src/test/script_tests.cpp

@@ -1701,8 +1701,9 @@ BOOST_AUTO_TEST_CASE(bip341_keypath_test_vectors)
             BOOST_CHECK_EQUAL(HexStr(sighash), input["intermediary"]["sigHash"].get_str());
 
             // To verify the sigmsg, hash the expected sigmsg, and compare it with the (expected) sighash.
-            BOOST_CHECK_EQUAL(HexStr((HashWriter{HASHER_TAPSIGHASH} << std::span<const uint8_t>{ParseHex(input["intermediary"]["sigMsg"].get_str())}).GetSHA256()), input["intermediary"]["sigHash"].get_str());
+            BOOST_CHECK_EQUAL(HexStr((HashWriter{HASHER_TAPSIGHASH} << Span{ParseHex(input["intermediary"]["sigMsg"].get_str())}).GetSHA256()), input["intermediary"]["sigHash"].get_str());
         }
+
     }
 }
 

src/wallet/feebumper.h

@@ -93,6 +93,7 @@ struct SignatureWeights
             break;
         case SigVersion::TAPROOT:
         case SigVersion::TAPSCRIPT:
+        case SigVersion::TAPSCRIPT_64BIT:
             assert(false);
         }
     }